Have to say by the campus network see Network Security status-vulnerability warning-the black bar safety net

2005-11-30T00:00:00
ID MYHACK58:6220054946
Type myhack58
Reporter 佚名
Modified 2005-11-30T00:00:00

Description

Preface originally really do not want to write this article, but really can not let people endure. Did not expect the school campus network security situation is actually so bad, one of the most impressive Willy-nilly. Or administrator of quality and safety awareness. Status of the recall a year ago, I inadvertently entered the Harbin XX UniversityWeb server. This server seems to be just installed, full is the default vulnerability, I think is probably not yet had time to configure it, so the sender alert the administrator as soon as possible do Security Configuration. Then left, after a week, I should be friends requirements for the detection of a server security. Since the did not get authorization, so you need a springboard, think of the Harbin XX University Server. A to see, actually were untouched, naked running, I'm exhausted in order to cause management's attention to modify home page title tag, the more that I can't imagine that is the modified page can actually on google Search, and was incredibly surprised, and later re-access a access not, also the ping does not pass. It seems off, don't know what reasons, prefer off or to configure it, even if it is a firewall also. To the server so that within the network one can imagine. We are Liuzhou city has two provincial focus, given the impact, all with a pseudonym, A is City, in the following referred to as city High, one of the regions, hereinafter referred to as the high, every year, nearly 3 0 0 people focus on, nearly 6 0 0 people undergraduate, and high this year also won 9 of Tsinghua University, it stands to reason computer teacher level should be very high. But not only the external server poor security, within the network security situation is more appalling. AndFTP server, MAIL server there are some flaws. What is the reason? High the website is well done. See the full Station based on ASP+SQL, but also write their own programs, attentive to the concept of wiping the source code can be found in many filtering problems, just easy to view some ASP files to run the result of the HTML code can see the form there are some small problems, it is easy for people to perform cross-site unauthorized operation. FTP-serverwith IIS5. 0. You can also anonymous login, but now it seems to get better. Now imail to 7. xx version, now also with 5. xx. Forums use dynamic web 0 1 0 9 version, dispuser. asp has a serious statement to filter questions, so that the attacker can perform a cross-site scripting to get any Forum user's password, because the database is not encrypted. All passwords clear text display. Smart people should know what it means. I had this issue letters to the administrator. The administrator does not own to detect the actually to ask me to a solution. Sad...... More serious still within the network security, in hacking software bullying today, a variety of the dangers of data packets flying everywhere, it was often without freezing, using the device name resolution vulnerabilities is silent on. Shared resources are exposed have to go overboard, just said theweb serverthe web directory is also shared out, direct you can put all the ASP files to be down, of course, also found the conn. asp file in the sa user name and password, although the connection is not possible, but indeed not a joke, some time ago, have a classmate stumbled on the teacher computer in the papers. The results of many students are jetting off to the East turned West to find, then simply hidden the online a neighbor, did not find people to succeed, but actually to enter into the teacher's computer or a breeze. I just don't need to do this. Leadership office, the Office of Academic Affairs computer, semester plans, test scores, salaries, Student Assessment, etc. glance. Some or any reader, any person know will be shocked. Room Local Security done a good job, using the EXTRA hard disk restore card, the prohibition of the registry and the Control Panel all the options, teaching monitoring software used to be simple in the boot before the termination of the process, later software used regeneration technology, the process is killed will regenerate, the program is deleted will be regenerated, and even you get rid of the Program Files directory, he will also be regeneration of a complete program out of it. A bit like qeyes lurking Hunter. Results no one can escape the teacher's monitor, but I still unimpeded. Thus, or very insecure, the program is very good, the system itself is bad. But the administrator always feel good...... Soon, in my Forum on the found city High-one of the students put into the city high, the server process is written down. Internal invasion. Actually there is a second decoding vulnerability. printer remote overflow vulnerability. See here, I went to city high on the server to see the results of your popping. Since it is not our school, I bad revealed nothing, I just want to remind Liu to the high of the administrator as soon as possible to carefully check their system. Even if installed a firewall also to no avail. The above is my understanding of the situation, other schools not much better。 Status you know much, what do you think? I have summarized few reasons: one, the Administrator's quality is very low, the security consciousness, the level is generally low. For issue of letter of indifference. Second, theweb serverand the system have not been attentive to the Security Configuration. Third, the use of the program version is too low, the vulnerability is obvious, but not to take any remedial measures. Fourth, there is no strict control of each working group between the access rights, nor do the single-machine preventive work. Fifth, the Administrators rely too much on the program. Their was no due diligence. The solution given below I think the work of some of the solutions are for reference only. A, The external server the security of the external server typically isthe web serverthis is a local area network of the first hurdle, since the funds, online time, management and many other reasons, this server sure the network is connected, so as long as the control of the server, then want to get inside any one of the computer information is not difficult. So this server is critical, be sure to meticulously configure. If you are not a professional network, please refer to the online-related articles. B, the internal security problem in order to solve the internal LAN security issues, the most basic is to install the NT kerneloperating system, using the NTFS format of the partition. The server can use the Windows 2 0 0 0 Server or Windows 2 0 0 0 Advanced Server or even UNIX or UNIX-like system. Students and teachers machine you can use Windows 2 0 0 0 professional, firm system can improve resistance to a variety of bomb ability, you can also better control authority, and a robust password mechanism 9 8 a shame. In addition, you can also install some of the small footprint of the simple packet filtering firewall. C, student computer security schools worry about the students in the computer of all sorts of wrong operation caused data loss, system crash, therefore the installation of various hard disk restore card, protect the card or Restore Wizard. This hard to say is a kind of torture, but also increased spending, in fact, full use of the NTFS partition to the“security”feature, it can be hard for good protection, because so far, I have not found what tool can break through NTFS protection. Strictly set for each partition, directory, file access permissions, the effect than the reduction of the card but also to the ideal number of times. And does not damage the hard disk can also be good to limit the download and the like. Did the administrator afraid of hardship or that the computer is by the school out of money and improper? D, internal management issues. For IP, each computer only have one network identity, just like people ID like, if the management is not good even to be changed or compromised, could cause that too computer can not access, and now that each schools are basically manually assign IP addresses, time-consuming and the page may allow students to modify, in fact, NT/2 0 0 0 provides DHCP(Dynamic Host Configuration Protocol)service, through this function can be a good solution to the IP distribution and theft issues. If you do not know the settings, see the using DHCP services cleverly fixed IP address " and " how to solve the campus network to avoid IP address of the theft act. Security management measures the following say that some of the network system security management measures A, anyoperating systemhave a vulnerability, as the administrator responsible for the timely play on the various patches(Patch it. In order to be a security vulnerability is reduced to a minimum, but also to the system can be more stable job. B, The password is the chief janitorial officer, most of the attacks are from to intercept or guess the password to start, once a hacker successfully enters, then the front of the defensive measures is almost no effect. So the password for the safe and effective management is the administrator of the obligatory duties. C, turn off unnecessary services, if the system uses NT Kernel System it relates to a service concept, and some service controls a port on and off, one more unnecessary services on more than a threat. This point is also need to pay attention. D, data backup is always the most tiring but the most necessary work, who also dare not sure of operating errors, power failure, hard disk damage and other accidents when the occur. Diligent backup of data can give you to reduce data loss after the embarrassment. E, the careful selection of good antivirus software, the virus is a large network of inseparable guys, almost every large network has its shadow, 2 0 0 3 1 2 5, the outbreak of the global SQL worm is the best warning. F, the rational use of security tools for testing, do not think that security tools is invasion attack's patent, the administrator than those who are more entitled to use it. The scanner will allow you to better understand system vulnerabilities. Sniffer can better help you solve a network of some of the substantive issues. So you must be skilled in using them. Solutions and protection measures for the campus network, network security is an art-science, and only continue to dig and Explore in order to better manage and improve her. To adapt to different occasions. The above is my personal point of view, there are quite a few mistakes hope you can point out.